[25/62] x86/head/64: Install boot GDT

Message ID	20200211135256.24617-26-joro@8bytes.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=UyAS=37=vger.kernel.org=kvm-owner@kernel.org> From: Joerg Roedel <joro@8bytes.org> To: x86@kernel.org Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, Peter Zijlstra <peterz@infradead.org>, Thomas Hellstrom <thellstrom@vmware.com>, Jiri Slaby <jslaby@suse.cz>, Dan Williams <dan.j.williams@intel.com>, Tom Lendacky <thomas.lendacky@amd.com>, Juergen Gross <jgross@suse.com>, Kees Cook <keescook@chromium.org>, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de> Subject: [PATCH 25/62] x86/head/64: Install boot GDT Date: Tue, 11 Feb 2020 14:52:19 +0100 Message-Id: <20200211135256.24617-26-joro@8bytes.org> In-Reply-To: <20200211135256.24617-1-joro@8bytes.org> References: <20200211135256.24617-1-joro@8bytes.org> Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	Linux as SEV-ES Guest Support \| expand [RFC,00/62] Linux as SEV-ES Guest Support [01/62] KVM: SVM: Add GHCB definitions [02/62] KVM: SVM: Add GHCB Accessor functions [03/62] x86/cpufeatures: Add SEV-ES CPU feature [04/62] x86/traps: Move some definitions to <asm/trap_defs.h> [05/62] x86/insn-decoder: Make inat-tables.c suitable for pre-decompression code [06/62] x86/boot/compressed: Fix debug_puthex() parameter type [07/62] x86/boot/compressed/64: Disable red-zone usage [08/62] x86/boot/compressed/64: Add IDT Infrastructure [09/62] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c [10/62] x86/boot/compressed/64: Add page-fault handler [11/62] x86/boot/compressed/64: Always switch to own page-table [12/62] x86/boot/compressed/64: Don't pre-map memory in KASLR code [13/62] x86/boot/compressed/64: Change add_identity_map() to take start and end [14/62] x86/boot/compressed/64: Add stage1 #VC handler [15/62] x86/boot/compressed/64: Call set_sev_encryption_mask earlier [16/62] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() [17/62] x86/boot/compressed/64: Add function to map a page unencrypted [18/62] x86/boot/compressed/64: Setup GHCB Based VC Exception handler [19/62] x86/sev-es: Add support for handling IOIO exceptions [20/62] x86/fpu: Move xgetbv()/xsetbv() into separate header [21/62] x86/sev-es: Add CPUID handling to #VC handler [22/62] x86/sev-es: Add handler for MMIO events [23/62] x86/idt: Move IDT to data segment [24/62] x86/idt: Split idt_data setup out of set_intr_gate() [25/62] x86/head/64: Install boot GDT [26/62] x86/head/64: Reload GDT after switch to virtual addresses [27/62] x86/head/64: Load segment registers earlier [28/62] x86/head/64: Switch to initial stack earlier [29/62] x86/head/64: Load IDT earlier [30/62] x86/head/64: Move early exception dispatch to C code [31/62] x86/sev-es: Add SEV-ES Feature Detection [32/62] x86/sev-es: Compile early handler code into kernel image [33/62] x86/sev-es: Setup early #VC handler [34/62] x86/sev-es: Setup GHCB based boot #VC handler [35/62] x86/sev-es: Setup per-cpu GHCBs for the runtime handler [36/62] x86/sev-es: Add Runtime #VC Exception Handler [37/62] x86/sev-es: Wire up existing #VC exit-code handlers [38/62] x86/sev-es: Handle instruction fetches from user-space [39/62] x86/sev-es: Harden runtime #VC handler for exceptions from user-space [40/62] x86/sev-es: Filter exceptions not supported from user-space [41/62] x86/sev-es: Handle MSR events [42/62] x86/sev-es: Handle DR7 read/write events [43/62] x86/sev-es: Handle WBINVD Events [44/62] x86/sev-es: Handle RDTSC Events [45/62] x86/sev-es: Handle RDPMC Events [46/62] x86/sev-es: Handle INVD Events [47/62] x86/sev-es: Handle RDTSCP Events [48/62] x86/sev-es: Handle MONITOR/MONITORX Events [49/62] x86/sev-es: Handle MWAIT/MWAITX Events [50/62] x86/sev-es: Handle VMMCALL Events [51/62] x86/sev-es: Handle #AC Events [52/62] x86/sev-es: Handle #DB Events [53/62] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES [54/62] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES [55/62] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES [56/62] x86/realmode: Add SEV-ES specific trampoline entry point [57/62] x86/realmode: Setup AP jump table [58/62] x86/head/64: Don't call verify_cpu() on starting APs [59/62] x86/head/64: Rename start_cpu0 [60/62] x86/sev-es: Support CPU offline/online [61/62] x86/cpufeature: Add SEV_ES_GUEST CPU Feature [62/62] x86/sev-es: Add NMI state tracking

Message ID

20200211135256.24617-26-joro@8bytes.org (mailing list archive)

State

New, archived

Headers

From: Joerg Roedel <joro@8bytes.org>
To: x86@kernel.org
Cc: hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Hellstrom <thellstrom@vmware.com>,
        Jiri Slaby <jslaby@suse.cz>,
        Dan Williams <dan.j.williams@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Juergen Gross <jgross@suse.com>,
        Kees Cook <keescook@chromium.org>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org,
        Joerg Roedel <joro@8bytes.org>, Joerg Roedel <jroedel@suse.de>
Subject: [PATCH 25/62] x86/head/64: Install boot GDT
Date: Tue, 11 Feb 2020 14:52:19 +0100
Message-Id: <20200211135256.24617-26-joro@8bytes.org>
In-Reply-To: <20200211135256.24617-1-joro@8bytes.org>
References: <20200211135256.24617-1-joro@8bytes.org>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

Linux as SEV-ES Guest Support | expand

Commit Message

Joerg Roedel Feb. 11, 2020, 1:52 p.m. UTC

From: Joerg Roedel <jroedel@suse.de>

Handling exceptions during boot requires a working GDT. The kernel GDT
is not yet ready for use, so install a temporary boot GDT.

Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
 arch/x86/kernel/head_64.S | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

Comments

Andy Lutomirski Feb. 11, 2020, 10:29 p.m. UTC | #1

On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <joro@8bytes.org> wrote:
>
> From: Joerg Roedel <jroedel@suse.de>
>
> Handling exceptions during boot requires a working GDT. The kernel GDT
> is not yet ready for use, so install a temporary boot GDT.
>
> Signed-off-by: Joerg Roedel <jroedel@suse.de>
> ---
>  arch/x86/kernel/head_64.S | 26 ++++++++++++++++++++++++++
>  1 file changed, 26 insertions(+)
>
> diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
> index 4bbc770af632..5a3cde971cb7 100644
> --- a/arch/x86/kernel/head_64.S
> +++ b/arch/x86/kernel/head_64.S
> @@ -72,6 +72,20 @@ SYM_CODE_START_NOALIGN(startup_64)
>         /* Set up the stack for verify_cpu(), similar to initial_stack below */
>         leaq    (__end_init_task - SIZEOF_PTREGS)(%rip), %rsp
>
> +       /* Setup boot GDT descriptor and load boot GDT */
> +       leaq    boot_gdt(%rip), %rax
> +       movq    %rax, boot_gdt_base(%rip)
> +       lgdt    boot_gdt_descr(%rip)
> +
> +       /* GDT loaded - switch to __KERNEL_CS so IRET works reliably */
> +       pushq   $__KERNEL_CS
> +       leaq    .Lon_kernel_cs(%rip), %rax
> +       pushq   %rax
> +       lretq
> +
> +.Lon_kernel_cs:
> +       UNWIND_HINT_EMPTY

I would suggest fixing at least SS as well.

Joerg Roedel Feb. 12, 2020, 12:20 p.m. UTC | #2

On Tue, Feb 11, 2020 at 02:29:24PM -0800, Andy Lutomirski wrote:
> On Tue, Feb 11, 2020 at 5:53 AM Joerg Roedel <joro@8bytes.org> wrote:
> > +       /* GDT loaded - switch to __KERNEL_CS so IRET works reliably */
> > +       pushq   $__KERNEL_CS
> > +       leaq    .Lon_kernel_cs(%rip), %rax
> > +       pushq   %rax
> > +       lretq
> > +
> > +.Lon_kernel_cs:
> > +       UNWIND_HINT_EMPTY
> 
> I would suggest fixing at least SS as well.

You are right, that is cleaner. Initialized DS, ES, and SS to
__KERNEL_DS here too.

Regards,

	Joerg

diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 4bbc770af632..5a3cde971cb7 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -72,6 +72,20 @@  SYM_CODE_START_NOALIGN(startup_64)
 	/* Set up the stack for verify_cpu(), similar to initial_stack below */
 	leaq	(__end_init_task - SIZEOF_PTREGS)(%rip), %rsp
 
+	/* Setup boot GDT descriptor and load boot GDT */
+	leaq	boot_gdt(%rip), %rax
+	movq	%rax, boot_gdt_base(%rip)
+	lgdt	boot_gdt_descr(%rip)
+
+	/* GDT loaded - switch to __KERNEL_CS so IRET works reliably */
+	pushq	$__KERNEL_CS
+	leaq	.Lon_kernel_cs(%rip), %rax
+	pushq	%rax
+	lretq
+
+.Lon_kernel_cs:
+	UNWIND_HINT_EMPTY
+
 	/* Sanitize CPU configuration */
 	call verify_cpu
 
@@ -480,6 +494,18 @@  SYM_DATA_LOCAL(early_gdt_descr_base,	.quad INIT_PER_CPU_VAR(gdt_page))
 SYM_DATA(phys_base, .quad 0x0)
 EXPORT_SYMBOL(phys_base)
 
+/* Boot GDT used when kernel addresses are not mapped yet */
+SYM_DATA_LOCAL(boot_gdt_descr,		.word boot_gdt_end - boot_gdt)
+SYM_DATA_LOCAL(boot_gdt_base,		.quad 0)
+SYM_DATA_START(boot_gdt)
+	.quad	0
+	.quad   0x00cf9a000000ffff      /* __KERNEL32_CS */
+	.quad   0x00af9a000000ffff      /* __KERNEL_CS */
+	.quad   0x00cf92000000ffff      /* __KERNEL_DS */
+	.quad   0x0080890000000000      /* TS descriptor */
+	.quad   0x0000000000000000      /* TS continued */
+SYM_DATA_END_LABEL(boot_gdt, SYM_L_LOCAL, boot_gdt_end)
+
 #include "../../x86/xen/xen-head.S"
 
 	__PAGE_ALIGNED_BSS

[25/62] x86/head/64: Install boot GDT

Commit Message

Comments

Patch